Anyone researching enterprise mobility will eventually run into the terms BYOD, CYOD, COPE, COSU and COBO (plus a few more). The acronyms themselves are easy: BYOD is Bring Your Own Device; CYOD is Choose Your Own Device; COPE is Company Owned/Personally Enabled; COBO is Company Owned/Business Only; COSU is Company Owned/Single Use. Beyond that, there’s little agreement on what they mean.

In the long run, it doesn’t matter which term you use — they’re all ingredients in the acronym soup that surrounds enterprise mobility. What does matter is that you are clear on what it means to you, your users and your company.

Usually, when comparing definitions, there’s a spectrum ranging from a very “laissez-faire” approach — as in, “we don’t have a mobility policy” — through basic IT integration and access via a smartphone (BYOD), to more intense integration and control using a company-owned and company-controlled device (CYOD, COPE, COBO and COSU). In some definitions, mobility is the key element and the discussion is all about smartphones and tablets; in others, the device is the focus, and everything from home computers and laptops to smartphones can be included.

Setting and defining terms

To create your own mobile program definition, whatever you call it, you’ll want to explicitly describe three important elements:

  • The device: What is it, who picks it, and who pays for the device and cellular connectivity service?
  • Management and support: Who manages the device and is responsible for support?
  • Integration and applications: How closely integrated and important is the device with everyday business workflows?

Start with the device: When building your own program and definitions, begin with the device. Are you talking about just smartphones and tablets? Or does this include laptops and other devices, such as wearables? Who gets to pick which devices are part of the program? And, importantly, be sure to agree on who pays for the device and any monthly connectivity plans.

Shop special offers

Find out about offers on the latest Samsung technology.

See Deals

Speak to a solutions expert

Get expert advice from a solutions consultant.

Talk to an Expert

Your answers to these questions may drive you to one of the acronyms, but it’s more important to answer these questions than to pick exactly the right acronym for your program. At one end is an “anything goes” approach to mobile devices; at the other end is a much more controlled set of choices, usually with corresponding financial commitment from the company.

Consider employees’ preferences as you decide what devices to support. Forcing employees into one operating system (OS) can be counterproductive, as many professionals have a personal preference between iOS and Android, and may struggle to adapt to a new OS.

Move to management and support: Next, describe who controls the device and who is responsible for support. One option is minimalist: the touch on the device (and its support) is barely there, if at all. If a mobile device management (MDM) or enterprise mobility management (EMM) agent is installed on the device and corporate IT sets extensive and restrictive policies, that comes with strong controls and, usually, equally strong support.

Describe integration and applications: Finally, be explicit about how tightly the device is integrated into the network and which corporate applications are running — as well as any personal application restrictions. When the device only has basic collaboration tools — things like email and audio/video conferencing — that’s one end of the spectrum.

If the organization has applications specifically designed for mobile devices, expects them to be part of the daily workflow and connects them directly to the network, that’s a heavier commitment to mobility, which comes with greater resources and greater opportunity to leverage the value of devices in the hands of mobile workers.

Comparing acronyms with Android Enterprise

BYOD, CYOD, COPE, COBO and COSU may be common industry terms, but if you’re diving into the world of Android Enterprise, you’ll have to learn how to map to more specific terminology.

In Android Enterprise (AE), a mobile device without management is highly discouraged. Instead, some version of Android Work Profile is the recommended configuration, combining an MDM or EMM solution and Android Enterprise’s Work Profile feature. AE calls this either “Personally-owned device with a work profile” or “Company-owned device with a work profile.” Both of these options maintain employee privacy on the personal side of the device but have different levels of control available to set policies. In the world of AE, you choose between who bought the device (i.e., the employee or the company), so terms like CYOD and COPE are considered deprecated.

COBO and COSU are also not used in AE: Instead, a company-owned device can either be set up exclusively for work use (“Company-owned device, fully managed”) or with some personal use allowed (“Company-owned device with a work profile”). A dedicated device (preferred in AE instead of the acronym COSU) is just a “company-owned, fully managed” device that is locked to one or more apps that serve a single business function, such as a point-of-sale terminal or a restaurant menu and order placing system.

Finding the right balance

In the discussion above, each of the three elements sits on a spectrum, and generally, the definitions line up. In other words, if you’re tightly integrating the device into everyday workflows by writing applications and connecting it directly to the corporate network, then usually that matches up with equally tight management and support. This, in turn, often means the company will decide to take on all or most of the device and monthly connectivity costs.

To put it another way, an increase in IT system integration and access has to be balanced with a reduction in the risk created by having unmanaged mobile devices connect to your network. That turns into tighter management and fewer device options for end users, which is where CYOD, COPE or COBO comes in. BYOD, on the other hand, generally gives users more freedom but creates greater risk for the business. Companies with BYOD policies may have looser device management and support but balance that by limiting network access and putting less emphasis on company-owned applications.

Build a successful BYOD plan for your business

White Paper

Get our comprehensive guide and template for developing a BYOD policy tailored to your organization. Download Now

If you find that you’re creating a program where the three elements listed above sit at very different ends of the spectrum, then you may want to reconsider whether things are properly aligned. For example, if mobility is key to your business and you’ve invested in application development, then you probably also want to make an investment in a good MDM/EMM solution to be sure that devices do not represent an uncontrolled risk to security. Don’t have a corporate-issued device program with BYOD benefits — or vice versa.

Contrasting BYOD with CYOD, COPE and COBO

BYOD is usually used to describe a mobility program where some basic applications, such as collaboration tools, are available to employees on their own smartphones. The risk of loss is high, so the company only allows for minimum integration of the smartphone with enterprise applications and imposes a correspondingly light management burden.

COPE and CYOD are used to describe mobility programs where the balance is heavily weighted toward the enterprise’s needs for applications, integration and security, and the end user is allowed to use the device for non-enterprise functions as well. COPE and CYOD programs should use containerization tools, such as the Work Profile in Android Enterprise and the Samsung Knox platform, to maintain a separation between personal and work data and applications, as well as employee privacy. With COPE and CYOD, companies provide smartphones primarily for work use, but basic functions such as voice calls, messaging and personal applications are allowed, with some controls on usage and flexibility.

COBO and COSU take things even further by outright prohibiting personal use of a mobile device. When a device is running only a single application, such as an inventory system with an embedded barcode scanner or is embedded into a kiosk, that’s COSU. When mobility policy prohibits personal use, such as in highly regulated industries or security-intensive environments, COBO is used.

At the end of the day, whether you choose to use BYOD, CYOD or something else, the acronym describing your program isn’t as important as choosing the proper balance between the various elements. Your goal should be to match the level of investment in applications, support and devices. Once you do that, you can call it whatever you want.

Learn more about how Samsung Knox secures your company’s phones — no matter which policy you choose to go with. Need help with your mobile strategy? Get a comprehensive guide to planning a CYOD mobile initiative from start to finish.

Posts By

Joel Snyder

Joel Snyder, Ph.D., is a senior IT consultant with 30 years of practice. An internationally recognized expert in the areas of security, messaging and networks, Snyder is a popular speaker and author and is known for his unbiased and comprehensive tests of security and networking products. His clients include major organizations on six continents.

View more posts by Joel Snyder